You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: solutions/security/get-started/siem-migration.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ You can ingest your data before migrating your rules, or migrate your rules firs
11
11
::::{admonition} Requirements
12
12
* A working [LLM connector](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md).
13
13
* {{stack}} users: an [Enterprise](https://www.elastic.co/pricing) subscription.
14
-
* {{Stack users}}: {{ml}} must be enabled.
14
+
* {{Stack}} users: {{ml}} must be enabled.
15
15
* {{serverless-short}} users: a [Security Complete](../../../deploy-manage/deploy/elastic-cloud/project-settings.md) subscription.
16
16
17
17
::::
@@ -41,7 +41,7 @@ You can ingest your data before migrating your rules, or migrate your rules firs
41
41
```
42
42
Which would download rules related to just the `splunksysmonsecurity` app.
43
43
44
-
We don't recommend downloading all searches (for example with`| rest /servicesNS/-/-/saved/searches`) since most of the data will be irrelevant to SIEM rule migration.
44
+
We don't recommend downloading all searches (for example with`| rest /servicesNS/-/-/saved/searches`) since most of the data will be irrelevant to SIEM rule migration.
45
45
::::
46
46
47
47
5. Select your JSON file and click **Upload**.
@@ -74,11 +74,11 @@ The table's fields are as follows:
74
74
75
75
| Splunk severity | Elastic rule severity |
76
76
| ------- | ----------- |
77
-
| (Info) | Low |
78
-
| (Low) | Low |
79
-
| (Medium) | Medium |
80
-
| (High) | High |
81
-
| (Critical) | Critical |
77
+
|1 (Info) | Low |
78
+
|2 (Low) | Low |
79
+
|3 (Medium) | Medium |
80
+
|4 (High) | High |
81
+
|5 (Critical) | Critical |
82
82
83
83
***Author:** Shows one of two possible values: `Elastic`, or `Custom`. Elastic authored rules are created by Elastic and update automatically. Custom rules are translated by the SIEM migration tool or your team, and do not update automatically.
84
84
***Integrations:** Shows the number of Elastic integrations that must be installed to provide data for the rule to run successfully.
0 commit comments